Redirect Attempt Limit in J2EE Agents

The processing of requests by the agent can result in redirects for
the client browser. Such redirects can happen when the user has not authenticated
with Access Manager Authentication Service, when the user lacks sufficient
credentials to access a protected resource, or for a variety of other reasons.

While the agent ensures that only authenticated and authorized users
get access to the protected resources, there is a remote possibility that,
due to misconfiguration of the system, the client browser may be put into
an infinite redirection loop.

The Redirect Attempt Limit configuration property allows you to guard
against such potential situations by ensuring that after a given number of
consecutive requests from a particular user that result in the same exact
redirect, the agent blocks the user request. This blocking of the request
is only temporary and is removed the moment the user makes a request that
does not result in the same redirect or results in access being granted to
the protected resource. The configuration property that controls this feature
is:

com.sun.identity.agents.config.redirect.attempt.limit

If a non-zero positive integer is specified as the value of this property,
the agent will break the redirection loop after the specified number of requests
result in the same redirect. When its value is set to zero, this feature
is disabled.

To protect the system from such situations, enable this feature. Furthermore,
enabling this feature can help in breaking potential denial of service attacks.
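
The counting and reset behaviour described above can be modelled as a small per-user state machine. The following Java sketch is an added illustration, not the agent's own code. The class name, the clientKey identifier, the example URL, and the choice to block once the count exceeds the limit are all assumptions.

```java
import java.util.HashMap;
import java.util.Map;

/** Illustrative model of the documented behaviour; not the agent's implementation. */
public class RedirectLimitModel {
    // Value of com.sun.identity.agents.config.redirect.attempt.limit; 0 disables.
    private final int limit;
    private final Map<String, String> lastRedirect = new HashMap<>();
    private final Map<String, Integer> repeats = new HashMap<>();

    public RedirectLimitModel(int limit) { this.limit = limit; }

    /**
     * @param clientKey   hypothetical per-user identifier (assumption)
     * @param redirectUrl redirect the agent would issue, or null if access is granted
     * @return true if the request is blocked instead of being redirected
     */
    public boolean shouldBlock(String clientKey, String redirectUrl) {
        if (limit == 0) return false;              // feature disabled
        if (redirectUrl == null || !redirectUrl.equals(lastRedirect.get(clientKey))) {
            // Access granted or a different redirect: any temporary block is lifted.
            repeats.remove(clientKey);
            lastRedirect.remove(clientKey);
            if (redirectUrl == null) return false;
            lastRedirect.put(clientKey, redirectUrl);
            repeats.put(clientKey, 1);
            return false;
        }
        // Same exact redirect as the previous request from this user.
        int n = repeats.merge(clientKey, 1, Integer::sum);
        return n > limit;                          // assumption: block once the limit is exceeded
    }

    public static void main(String[] args) {
        RedirectLimitModel m = new RedirectLimitModel(3);
        String login = "https://am.example.com/amserver/UI/Login?goto=/app"; // constructed URL
        for (int i = 1; i <= 5; i++) {
            System.out.println("request " + i + " blocked=" + m.shouldBlock("user-a", login));
        }
        // A request that is granted access clears the block for that user.
        System.out.println("granted blocked=" + m.shouldBlock("user-a", null));
        System.out.println("after reset blocked=" + m.shouldBlock("user-a", login));
    }
}
```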